Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities.


1 Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities

2 Objectives
After reading this chapter and completing the exercises, you will be able to:
–Describe vulnerabilities of Windows and Linux operating systems
–Identify specific vulnerabilities and explain ways to fix them
–Explain techniques to harden systems against Windows and Linux vulnerabilities
Hands-On Ethical Hacking and Network Defense, Second Edition

3 Windows OS Vulnerabilities
Many Windows OSs have serious vulnerabilities
–Windows 2000 and earlier: administrators must disable, reconfigure, or uninstall services and features
–Windows XP, Vista, Server 2003, Server 2008, and Windows 7: most services and features are disabled by default
Good information source:
–CVE Web site

4 Table 8-1 Windows Server 2008 vulnerabilities found at CVE

5 Windows File Systems
File system
–Stores and manages information
  User created
  OS files needed to boot
–Most vital part of any OS
  Can be a vulnerability

6 File Allocation Table
Original Microsoft file system
–Supported by nearly all desktop and server OSs
–Standard file system for most removable media (other than CDs and DVDs)
–Later versions provide for larger file and disk sizes
Most serious shortcoming
–Doesn’t support file-level access control lists (ACLs)
  Necessary for setting permissions on files
  Use in a multiuser environment results in a vulnerability

7 NTFS
New Technology File System (NTFS)
–First released as a high-end file system
  Added support for larger files, disk volumes, and ACL file security
Subsequent Windows versions
–Included several upgrades
Alternate data streams (ADSs)
–Can “stream” (hide) information behind existing files without affecting function, size, or other information
–Several detection methods
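One of the detection methods the slide alludes to is simply reading the stream column that `dir /R` prints on NTFS volumes. The following is an added example, not code from the textbook: it parses a constructed `dir /R` listing, reports every named stream, and separates the Zone.Identifier marker Windows writes on downloaded files from streams that deserve a closer look. The listing, file names and stream names are all made up for the example.

```python
"""Flag NTFS alternate data streams in `dir /R` listings.

Added example, not from the textbook. Parses the text Windows `dir /R`
prints for a directory, reports every named stream, and separates the
common, expected Zone.Identifier marker from streams that deserve a look.
"""
import re

# Constructed sample of `dir /R` output (not captured from a real host).
SAMPLE_LISTING = """\
 Volume in drive C has no label.
 Directory of C:\\Users\\analyst\\Downloads

01/15/2010  09:12 AM    <DIR>          .
01/15/2010  09:12 AM    <DIR>          ..
01/15/2010  09:13 AM             4,096 report.txt
                                 98,304 report.txt:update.exe:$DATA
01/15/2010  09:14 AM           120,512 setup.msi
                                     26 setup.msi:Zone.Identifier:$DATA
01/15/2010  09:15 AM               512 notes.txt
               3 File(s)        125,120 bytes
"""

# A stream line carries only a size and "<file>:<stream>:$DATA"; ordinary
# file lines start with a date, so they never match.
STREAM_LINE = re.compile(r"^\s*([\d,]+)\s+(.+?):([^:]+):\$DATA\s*$")

# Streams Windows itself writes on downloaded files: expected, not hidden data.
BENIGN_STREAMS = {"Zone.Identifier"}


def parse_streams(listing):
    """Return (file, stream, size_bytes) for each named stream in the listing."""
    found = []
    for line in listing.splitlines():
        m = STREAM_LINE.match(line)
        if m:
            size = int(m.group(1).replace(",", ""))
            found.append((m.group(2), m.group(3), size))
    return found


def suspicious_streams(listing):
    """Named streams that are not a known benign marker, largest first."""
    return sorted(
        (s for s in parse_streams(listing) if s[1] not in BENIGN_STREAMS),
        key=lambda s: -s[2],
    )


if __name__ == "__main__":
    for file_name, stream, size in suspicious_streams(SAMPLE_LISTING):
        print(f"review: {file_name}:{stream} ({size} bytes)")
```

Run against real output, the listing would come from `dir /R` redirected to a file; the point of the benign-list split is that every downloaded file carries a Zone.Identifier stream, so a tool that reports all streams buries the one executable hidden behind a text file.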

8 Remote Procedure Call
Interprocess communication mechanism
–Allows a program running on one host to run code on a remote host
Worm that exploited RPC
–Conficker worm
Microsoft Baseline Security Analyzer
–Determines if a system is vulnerable due to an RPC-related issue

9 NetBIOS
Software loaded into memory
–Enables a computer program to interact with a network resource or device
NetBIOS isn’t a protocol
–Interface to a network protocol
NetBIOS Extended User Interface (NetBEUI)
–Fast, efficient network protocol
–Allows NetBIOS packets to be transmitted over TCP/IP
–NBT is NetBIOS over TCP

10 NetBIOS (cont’d.)
Systems running newer Windows OSs
–Share files and resources without using NetBIOS
NetBIOS is still used for backward compatibility
–Budgets don’t allow upgrading
–Customer expectations must be met

11 Server Message Block
Used to share files
–Usually runs on top of: NetBIOS, NetBEUI, TCP/IP
Several hacking tools target SMB
–L0phtcrack’s SMB Packet Capture utility and SMBRelay
  It took Microsoft seven years to patch these

12 Server Message Block (cont’d.)
SMB2
–Introduced in Windows Vista
–Several new features
–Faster and more efficient
Windows 7
–Microsoft avoided reusing code
–Still allowed backward compatibility (Windows XP Mode)

13 Common Internet File System
Standard protocol
–Replaced SMB for Windows 2000 Server and later
–SMB is still used for backward compatibility
Remote file system protocol
–Enables sharing of network resources over the Internet
Relies on other protocols to handle service announcements
–Notifies users of available resources

14 Common Internet File System (cont’d.)
Enhancements
–Locking features
–Caching and read-ahead/write-behind
–Support for fault tolerance
–Capability to run more efficiently over dial-up
–Support for anonymous and authenticated access
Server security methods
–Share-level security
–User-level security

15 Common Internet File System (cont’d.)
Attackers look for servers designated as domain controllers
–Servers handle authentication
Windows Server 2003 and 2008
–Domain controller uses a global catalog (GC) server
  Locates resources among many objects

16 Null Sessions
Anonymous connection established without credentials
–Used to display information about users, groups, shares, and password policies
–Necessary only if networks need to support older Windows versions
To enumerate NetBIOS vulnerabilities use:
–Nbtstat, Net view, Netstat, Ping, Pathping, and Telnet commands

17 Web Services
IIS installs with critical security vulnerabilities
–IIS Lockdown Wizard
  Locks down IIS versions 4.0 and 5.0
IIS 6.0
–Installs with a “secure by default” mode
–Previous versions left crucial security holes
Keeping a system patched is important
Configure only needed services

18 SQL Server
Many potential vulnerabilities
–Null System Administrator (SA) password
  SA access through SA account
  SA with blank password
–Gives attackers administrative access
  Database and database server

19 Buffer Overflows
Data is written to a buffer and corrupts data in memory next to the allocated buffer
–Normally occurs when copying strings of characters from one buffer to another
  Functions don’t verify that the text fits
–Attackers run shell code
C and C++
–Lack built-in protection against overwriting data in memory

20 Passwords and Authentication
Weakest security link in any network
–Authorized users
Most difficult to secure
Relies on people
–Companies should take steps to address it

21 Passwords and Authentication (cont’d.)
Comprehensive password policy is critical
–Should include:
  Change regularly
  Require at least six characters
  Require complex passwords
  Passwords can’t be common words, dictionary words, slang, jargon, or dialect
  Passwords must not be identified with a user
  Never write it down or store it online or in a file
  Do not reveal it to anyone
  Use caution when logging on and limit reuse

22 Passwords and Authentication (cont’d.)
Configure domain controllers
–Enforce password age, length, and complexity
Password policy aspects that can be enforced:
–Account lockout threshold
  Set number of failed attempts before the account is disabled temporarily
–Account lockout duration
  Set period of time the account is locked out after failed logon attempts
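The two slides above describe a policy in words; the following added example (not from the textbook, and not how a domain controller implements it internally) turns the checkable parts into code. `check_password` applies the listed points: the six-character minimum the slide gives, complexity, no common or dictionary words, and nothing that identifies the user. `LockoutTracker` models the two enforceable settings named: a lockout threshold (failed attempts) and a lockout duration. The word list is a constructed stand-in for a real dictionary, and the tracker uses the lockout duration as the window for counting failures, a simplification (Windows has a separate reset-counter setting the slide does not mention).

```python
"""Password policy check and account lockout as the slides describe them.

Added example, not from the textbook. The common-word list is a
constructed stand-in for a real dictionary.
"""
import string
import time

MIN_LENGTH = 6  # the slide's "at least six characters"
# Constructed stand-in for a dictionary / common-password list.
COMMON_WORDS = {"password", "welcome", "letmein", "summer", "admin", "qwerty"}


def check_password(password, username, full_name=""):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        problems.append("needs at least three of: lower, upper, digit, symbol")
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common or dictionary word")
    # "Must not be identified with a user": reject the account name or any
    # part of the real name (three letters or more) appearing in the password.
    identifiers = [username] + full_name.split()
    if any(len(part) >= 3 and part.lower() in lowered for part in identifiers):
        problems.append("contains the user's name")
    return problems


class LockoutTracker:
    """Temporary lockout after `threshold` failures within `duration` seconds.

    The clock is injectable so the behaviour can be tested without waiting.
    """

    def __init__(self, threshold=5, duration=15 * 60, clock=time.monotonic):
        self.threshold = threshold
        self.duration = duration
        self.clock = clock
        self._failures = {}      # account -> timestamps of recent failures
        self._locked_until = {}  # account -> time the lockout expires

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout duration elapsed: the account unlocks automatically.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def record_failure(self, account):
        """Register a failed logon; True if the account is (now) locked out."""
        if self.is_locked(account):
            return True
        now = self.clock()
        recent = [t for t in self._failures.get(account, []) if now - t < self.duration]
        recent.append(now)
        self._failures[account] = recent
        if len(recent) >= self.threshold:
            self._locked_until[account] = now + self.duration
            return True
        return False

    def record_success(self, account):
        """A successful logon clears the failure count; False if still locked."""
        if self.is_locked(account):
            return False
        self._failures.pop(account, None)
        return True


if __name__ == "__main__":
    print(check_password("Password1!", "jsmith", "John Smith"))
    tracker = LockoutTracker(threshold=3, duration=60)
    for _ in range(3):
        print("locked:", tracker.record_failure("jsmith"))
```

The threshold and duration are deliberately parameters rather than constants: the slide's point is that these are settings an administrator chooses on the domain controller, and a test harness can drive them with a fake clock as the test below does.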

23 Tools for Identifying Vulnerabilities in Windows
Many tools are available
–Using more than one is advisable
Using several tools
–Helps pinpoint problems more accurately

24 Built-in Windows Tools
Microsoft Baseline Security Analyzer (MBSA)
–Capable of checking for:
  Patches
  Security updates
  Configuration errors
  Blank or weak passwords

25 Figure 8-1 Checks available in MBSA

26 Table 8-2 Checks performed by MBSA in full-scan mode

27 Table 8-2 Checks performed by MBSA in full-scan mode (cont’d.)

28 Using MBSA
System must meet minimum requirements
–Before installing
After installing, MBSA can:
–Scan itself
–Scan other computers remotely
–Be scanned remotely

29 Table 8-3 Minimum system requirements for MBSA

30 Best Practices for Hardening Windows Systems
Penetration tester
–Finds and reports vulnerabilities
Security tester
–Finds vulnerabilities
–Gives recommendations for correcting them

31 Patching Systems
Best way to keep systems secure
–Keep up to date
  Attackers take advantage of known vulnerabilities
Options for small networks
–Accessing Windows Update manually
–Configuring Automatic Updates
Options for large networks
–Systems Management Server (SMS)
–Windows Software Update Service (WSUS)
–Third-party patch management solutions

32 Antivirus Solutions
Antivirus solution is essential
–Small networks
  Desktop antivirus tool with automatic updates
–Large networks
  Require corporate-level solution
Antivirus tools
–Almost useless if not updated regularly

33 Enable Logging and Review Logs Regularly
Important step for monitoring critical areas
–Performance
–Traffic patterns
–Possible security breaches
Can have a negative impact on performance
Review regularly
–Signs of intrusion or problems
Use a log-monitoring tool
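"Signs of intrusion" stays abstract on the slide, so here is an added example (not from the textbook) of what a small log-review pass looks for. The log lines are constructed in a simplified text form (time, event ID, account, source address); real Windows Security logs export as CSV or EVTX and the field parsing would differ, but the review logic is the same. The event IDs are the standard Windows Security events: 4624 logon success, 4625 logon failure, 4720 user account created, 1102 audit log cleared. The threshold and window are assumptions an analyst would tune.

```python
"""Review Windows Security log lines for signs of intrusion.

Added example, not from the textbook. Lines are a constructed simplified
form of Security events; the patterns flagged are a burst of failed
logons from one source, a success from that source afterwards, account
creation, and the audit log being cleared.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO time> <event id> <account> <source ip>"
SAMPLE_LOG = """\
2010-03-02T08:01:10 4624 jsmith 10.0.0.15
2010-03-02T08:02:05 4625 administrator 203.0.113.9
2010-03-02T08:02:07 4625 administrator 203.0.113.9
2010-03-02T08:02:09 4625 administrator 203.0.113.9
2010-03-02T08:02:11 4625 administrator 203.0.113.9
2010-03-02T08:02:13 4625 administrator 203.0.113.9
2010-03-02T08:02:40 4624 administrator 203.0.113.9
2010-03-02T08:03:02 4720 svc_backup2 203.0.113.9
2010-03-02T08:04:00 1102 administrator 203.0.113.9
2010-03-02T09:15:00 4625 jsmith 10.0.0.15
2010-03-02T09:15:30 4624 jsmith 10.0.0.15
"""

FAILURE_THRESHOLD = 5                   # failed logons from one source ...
FAILURE_WINDOW = timedelta(minutes=5)   # ... within this window (assumed values)


def parse_events(text):
    """Turn the simplified lines into (time, event_id, account, source) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, source = line.split()
        events.append((datetime.fromisoformat(ts), int(event_id), account, source))
    return events


def review(events):
    """Return findings as (time, kind, detail) tuples, in log order."""
    findings = []
    failures = defaultdict(list)   # source -> times of recent 4625 events
    burst_sources = set()          # sources that already produced a burst
    for ts, event_id, account, source in events:
        if event_id == 4625:
            recent = [t for t in failures[source] if ts - t <= FAILURE_WINDOW]
            recent.append(ts)
            failures[source] = recent
            if len(recent) == FAILURE_THRESHOLD:   # report once per burst
                burst_sources.add(source)
                findings.append((ts, "failed-logon-burst", f"{source} -> {account}"))
        elif event_id == 4624 and source in burst_sources:
            # A success right after a burst is the trace a password guess leaves.
            findings.append((ts, "success-after-burst", f"{source} -> {account}"))
        elif event_id == 4720:
            findings.append((ts, "account-created", account))
        elif event_id == 1102:
            # Clearing the audit log is itself logged; treat it as a red flag.
            findings.append((ts, "audit-log-cleared", f"by {account}"))
    return findings


if __name__ == "__main__":
    for ts, kind, detail in review(parse_events(SAMPLE_LOG)):
        print(f"{ts:%H:%M:%S} {kind:22} {detail}")
```

The single mistyped password by jsmith at 09:15 produces nothing, which is the point of a threshold: a reviewer wants the five-in-eight-seconds burst against administrator, the logon that followed it, the new account and the cleared log, not every typo.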

34 Disable Unused Services and Filtering Ports
Disable unneeded services
Delete unnecessary applications or scripts
–Unused applications are invitations for attacks
Reducing the attack surface
–Open only what needs to be open, and close everything else
Filter out unnecessary ports
–Make sure perimeter routers filter out ports 137 to 139 and 445
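A check for the last bullet, as an added example that is not from the textbook and is not tied to any vendor's ACL syntax: rules are plain tuples evaluated first-match with an implicit deny at the end, the way most router access lists behave. The ruleset is constructed with a typical gap (445 blocked on TCP only), and the audit reports which of TCP/UDP 137 to 139 and 445 would still be permitted from outside.

```python
"""Audit a perimeter filter for the NetBIOS/SMB ports the slide names.

Added example, not from the textbook. Rules are (action, protocol,
(low_port, high_port)) tuples evaluated first-match; "any" matches both
TCP and UDP; no match means deny.
"""

# Ports the slide says perimeter routers should filter, on both transports.
NETBIOS_SMB_PORTS = [137, 138, 139, 445]
PROTOCOLS = ("tcp", "udp")

# Constructed ruleset with a gap: 445 is only blocked on TCP.
SAMPLE_RULES = [
    ("deny",   "any", (137, 139)),
    ("deny",   "tcp", (445, 445)),
    ("permit", "tcp", (1, 65535)),
    ("permit", "udp", (53, 53)),
    ("permit", "udp", (1, 65535)),
]


def first_match(rules, proto, port, default="deny"):
    """Action of the first rule matching (proto, port); implicit deny if none."""
    for action, rule_proto, (low, high) in rules:
        if rule_proto in ("any", proto) and low <= port <= high:
            return action
    return default


def audit_netbios_filter(rules):
    """(proto, port) pairs from the required set that the filter still permits."""
    gaps = []
    for proto in PROTOCOLS:
        for port in NETBIOS_SMB_PORTS:
            if first_match(rules, proto, port) == "permit":
                gaps.append((proto, port))
    return gaps


def fixed_rules(rules):
    """Copy of the ruleset with an explicit deny for every required port placed first."""
    block = [("deny", "any", (p, p)) for p in NETBIOS_SMB_PORTS]
    return block + list(rules)


if __name__ == "__main__":
    print("gaps:", audit_netbios_filter(SAMPLE_RULES))
    print("after fix:", audit_netbios_filter(fixed_rules(SAMPLE_RULES)))
```

Putting the deny rules first matters because of first-match evaluation: the same deny placed after the broad `permit udp 1-65535` would never be reached, which is exactly the kind of ordering mistake an audit like this catches.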

35 Other Security Best Practices
Other practices include:
–Use TCP/IP filtering
–Delete unused scripts and sample applications
–Delete default hidden shares
–Use unique naming scheme and passwords
–Be careful of default permissions
–Use appropriate packet-filtering techniques
–Use available tools to assess system security
–Disable Guest account

36 Other Security Best Practices (cont’d.)
Other practices include (cont’d.):
–Rename default Administrator account
–Make sure there are no accounts with blank passwords
–Use Windows group policies
–Develop a comprehensive security awareness program
–Keep up with emerging threats

37 Linux OS Vulnerabilities
Linux can be made more secure
–Awareness of vulnerabilities
–Keep current on new releases and fixes
Many versions are available
–Differences ranging from slight to major
It’s important to understand basics
–Run control and service configuration
–Directory structure and file system
–Basic shell commands and scripting
–Package management

38 Samba
Open-source implementation of CIFS
–Created in 1992
Allows sharing resources over a network
–Security professionals should have basic knowledge of SMB and Samba
  Many companies have a mixed environment of Windows and *nix systems
Used to “trick” Windows services into believing *nix resources are Windows resources

39 Tools for Identifying Linux Vulnerabilities
CVE Web site
–Source for discovering possible attacker avenues
Table 8-4 Linux vulnerabilities found at CVE

40 Tools for Identifying Linux Vulnerabilities (cont’d.)
OpenVAS can enumerate multiple OSs
–Security tester using enumeration tools can:
  Identify a computer on the network by using port scanning and zone transfers
  Identify the OS by conducting port scanning and enumeration
  Identify via enumeration any logon accounts and passwords
  Learn names of shared folders by using enumeration
  Identify services running

41 Figure 8-5 Viewing security warning details

42 Figure 8-6 OpenVAS revealing a security hole resulting from a Firefox vulnerability

43 Figure 8-7 OpenVAS revealing a security hole resulting from a DHCP client vulnerability

44 Checking for Trojan Programs
Most Trojan programs perform one or more of the following:
–Allow remote administration of the attacked system
–Create a file server on the attacked computer
  Files can be uploaded and downloaded
–Steal passwords from the attacked system
  E-mail them to the attacker
–Log keystrokes
  E-mail results or store them in a hidden file the attacker can access remotely

45 Checking for Trojan Programs (cont’d.)
Linux Trojan programs
–Sometimes disguised as legitimate programs
–Contain program code that can wipe out file systems
–More difficult to detect today
  Protecting against identified Trojan programs is easier
Rootkits containing Trojan binary programs
–More dangerous
–Attackers hide tools
  Perform further attacks
  Have access to backdoor programs

46 More Countermeasures Against Linux Attacks
Most critical tasks:
–User awareness training
–Keeping current
–Configuring systems to improve security

47 User Awareness Training
Inform users
–No information should be given to outsiders
  Knowing the OS makes attacks easier
–Be suspicious of people asking questions
  Verify who they are talking to
  Call them back

48 Keeping Current
As soon as a vulnerability is discovered and posted
–OS vendors notify customers
  Upgrades
  Patches
–Installing fixes promptly is essential
Linux distributions
–Most have warning methods

49 Secure Configuration
Many methods to help prevent intrusion
–Vulnerability scanners
–Built-in Linux tools
–Free benchmark tools
  Center for Internet Security
–Security Blanket
  Trusted Computer Solutions

50 Summary
Default installations of Windows OSs
–Can contain serious vulnerabilities
Vulnerabilities in Windows file systems
–Lack of ACL support in FAT
–Risk of malicious ADSs in NTFS
–RPC
–NetBIOS
–SMB
–Null sessions
–Windows Web services and IIS

51 Summary (cont’d.)
Microsoft SQL Server
–Critical SQL vulnerability
  Null SA password
Buffer overflow attacks
–Allow attackers to run arbitrary code
Users represent a major security vulnerability
–Create a comprehensive password policy and training program
Tools are available for discovering Windows vulnerabilities (e.g., MBSA)

52 Summary (cont’d.)
Steps to secure systems
–Keeping systems updated, running antivirus tools, reviewing logs regularly, etc.
Vulnerabilities of Linux OS
–Can be discovered with security tools
Samba
–Created to address the issue of interoperability
Tools can detect rootkits on Linux systems (e.g., chkrootkit)
Built-in Linux tools are available for configuring
